Jump to content
Welcome to our new Citrix community!
  • 0

LTSR 1912 2019 Conditional Access Failures

Geraint Jones




I have a LTSR 1912 (No roll ups) farm on Windows 2019 fully patched.  Backed by PVS again LTSR 1912, and FSLogix for profile management.


The issue I'm seeing is user sessions are failing Conditional Access, sadly my business is complex, so I'm not a global administrator for our tenant, but our devices are Hybrid Azure AD joined.  When sealing the image, doing a dsregcmd /leave command, and have a start up action of dsregcmd /join.  When the images come up /status shows machine and user as joined.


Working with Citrix support, they followed through with uninstalled CVAD (Citrix profile management services are disabled), FSLogix and test via RDP where the issue remained.  They suggest starting from scratch with the 2019 image, but as we install everything into the image this is no small task.


When working with our tenants global administrators they pointed out that it appeared as if the applications weren't getting their tokens (the issue is Sharepoint online via Edge fails CA tests (IE works), OneDrive won't silently sign in as failing MFA) exploring C:\users\%username%\appdata\local\packages a new user profile will only see


Cortana and ShellExperienceHost, when there should be a lot more directories, like AAD etc (I have tried including and excluding this DIR via FSLogix but it has made no difference, as well as uninstalling FSLogix etc)


I was wondering if anyone in the community had experienced something similar ?



Link to comment

1 answer to this question

Recommended Posts

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...